[dev] help/options links
Roel Gloudemans
roel at gloudemans.info
Wed Sep 1 06:32:09 PDT 2004
----- Message from chuck at horde.org --------- Date: Wed, 1 Sep 2004
08:44:06
-0400 From: Chuck Hagenbuch <chuck at horde.org>Reply-To: Chuck Hagenbuch
<chuck at horde.org> Subject: Re: [dev] help/options links To:
dev at lists.horde.org
> Quoting Roel Gloudemans <roel at gloudemans.info>:
>
>>>> e.g. set ownership of cmdshell.php to root:sys and permissions to 500
>>>> (or remove the script alltogether). In that case the webserver
>>>> cannot execute the script. If we can detect this from the menu
>>>> script we don't show the link.
>>>
>>> Okay, but you don't really *need* menu checks then, since the links
>>> simply won't work. :)
>>
>> Ewwww, ugly!
>
> Indeed, but so is putting in checks on the permissions of files on
> specific menu
> items that'll need to be hardcoded. And are tailored to the requirements of a
> single site, not a general solution.
But the Administrator menu items are hardcoded already. I've commented
them out
at the moment. But I must agree that the solution I proposed is also
ugly. This
would essentially be another options/preferences system, which will have to be
documented etc.
Just another idea:
SQL/PHP/Command shells could be moved into a separate module. E.g. sesha (is
that the ssh module?) is also a separate module. The functionality offered by
the shells might benefit other users beside the administrator (especially in
development environments). Some work will have to be done on the modules to
make suitable for such a deployment, but this would be a very nice solution.
Would it be worthwile to do a manual/article on buttoning down a Horde
installation? (Targeted at sites that need/want that extra bit of security)
Cheers,
Roel.
More information about the dev
mailing list